Update "timestamp" field by query (subtract time from the original field and reindex)

dboss101 · May 30, 2018, 10:05am

Hi,

I'm trying to create a rest call that will perform the following.

find all documents that match a simple query of field:value.
in those documents, update the value of the "timestamp" field to be timestamp - 1 minute.

I was thinking to do this with the update by query api, I'm just not sure how to write the painless script to do the subtraction update of the timestamp field.

any help appreciated.

thanks!

abdon · May 31, 2018, 8:15am

Something like this should work:

POST my_index/_update_by_query
{
  "query": {
    "match": {
      "field": "value"
    }
  },
  "script": {
    "source": "ctx._source.timestamp = OffsetDateTime.parse(ctx._source.timestamp).minusMinutes(1)"
  }
}

dboss101 · May 31, 2018, 9:13am

thank you very much!

dboss101 · May 31, 2018, 12:41pm

actually got an error while trying to run this...

{
"error": {
	"root_cause": [{
		"type": "script_exception",
		"reason": "runtime error",
		"script_stack": ["java.util.Objects.requireNonNull(Objects.java:228)", "java.time.format.DateTimeFormatter.parse(DateTimeFormatter.java:1848)", "java.time.OffsetDateTime.parse(OffsetDateTime.java:402)", "java.time.OffsetDateTime.parse(OffsetDateTime.java:387)", "ctx._timestamp = OffsetDateTime.parse(ctx._timestamp).minusMinutes(3)", "                                          ^---- HERE"],
		"script": "ctx._timestamp = OffsetDateTime.parse(ctx._timestamp).minusMinutes(3)",
		"lang": "painless"
	}],
	"type": "script_exception",
	"reason": "runtime error",
	"script_stack": ["java.util.Objects.requireNonNull(Objects.java:228)", "java.time.format.DateTimeFormatter.parse(DateTimeFormatter.java:1848)", "java.time.OffsetDateTime.parse(OffsetDateTime.java:402)", "java.time.OffsetDateTime.parse(OffsetDateTime.java:387)", "ctx._timestamp = OffsetDateTime.parse(ctx._timestamp).minusMinutes(3)", "                                          ^---- HERE"],
	"script": "ctx._timestamp = OffsetDateTime.parse(ctx._timestamp).minusMinutes(3)",
	"lang": "painless",
	"caused_by": {
		"type": "null_pointer_exception",
		"reason": "text"
	}
},
"status": 500
}

any idea what can be the issue here?

abdon · May 31, 2018, 8:19pm

You are using ctx._timestamp instead of ctx._source.timestamp (or ctx._source.fieldname, where fieldname is the name of the timestamp field you are trying to update).

system · June 28, 2018, 8:19pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.